一.安装qemu
注意,目前kata-container所要求的qemu最低版本是v2.7.0.在笔者的环境下(Ubuntu16.04 VM),apt-get官方源的最高版本是v2.5.0.所以不要用apt-get install的方式安装qemu.从github下载源码进行安装.这里推荐安装v2.8.1版本.因为更高版本的qemu的依赖无法用apt-get install直接安装.
具体安装步骤为:
1.进入qemu源码目录
执行./configure --enable-virtfs,这里是为了开启虚拟文件系统,如果不添加这个参数.在运行docker启动kata-container时,会报'virtio-9p-pci' is not a valid device model name: unknown的错误
2.执行make&&sudo make install
3.将/usr/local/bin/qemu-system-x86_64拷贝为/usr/bin/qemu-lite-system-x86_64
Kata-container 环境搭建手顺
二.安装kata组件
1.从github下载kata的相关组件,包括runtime,agent,proxy,shim,osbuilder,tests
2.进入kata-containers/runtime目录,执行sudo make&&sudo make install.
执行sudo kata-runtime kata-check,这条指令会给出一组检查结果,这组检查结果告诉用户,当前系统是否满足运行kata-containers的条件.参考结果如下图,
可以看到该主机没有开启虚拟化支持.我的测试环境是一台qemu虚拟机,利用virsh指令编辑其xml文件可以解决这个问题.
在测试主机所在的物理机上执行virsh edit wlh-kata,修改其cpu配置为
<cpu mode='custom' match='exact'>
<model fallback='forbid'>core2duo</model>
<feature policy='require' name='vmx'/>
<feature policy='require' name='sse4.1'/>
</cpu>
这里wlh-kata是这台虚拟机的名字,可以用virsh list --all获得.
修改了xml文件后重启虚拟机,再次执行sudo kata-runtime kata-check,确认所有检查通过.
3.依次在其他kata-containers组件目录下执行make&&sudo make install.
三.生成kata-container.img
1.Create a local rootfs
$ export ROOTFS_DIR=${GOPATH}/src/github.com/kata-containers/osbuilder/rootfs-builder/rootfs
$ sudo rm -rf ${ROOTFS_DIR}
$ cd $GOPATH/src/github.com/kata-containers/osbuilder/rootfs-builder
$ script -fec 'sudo -E GOPATH=$GOPATH USE_DOCKER=true ./rootfs.sh ${distro}'
2.build a rootfs image
$ cd $GOPATH/src/github.com/kata-containers/osbuilder/image-builder
$ script -fec 'sudo -E USE_DOCKER=true ./image_builder.sh ${ROOTFS_DIR}'
3.Install the rootfs image
$ commit=$(git log --format=%h -1 HEAD)
$ date=$(date +%Y-%m-%d-%T.%N%z)
$ image="kata-containers-${date}-${commit}"
$ sudo install -o root -g root -m 0640 -D kata-containers.img "/usr/share/kata-containers/${image}"
$ (cd /usr/share/kata-containers && sudo ln -sf "$image" kata-containers.img)
执行完以上步骤以后,会生成以下文件
wlh-kata@wlhkata-Standard-PC-i440FX-PIIX-1996:/usr/share/kata-containers$ ls -al
total 148020
drwxr-xr-x 2 root root 4096 6月 16 06:00 .
drwxr-xr-x 294 root root 12288 6月 16 05:59 ..
-rw-r----- 1 root root 268435456 6月 16 05:59 kata-containers-2018-06-16-05:59:41.532756720+0800-72dca93
lrwxrwxrwx 1 root root 58 6月 16 06:00 kata-containers.img -> kata-containers-2018-06-16-05:59:41.532756720+0800-72dca93
四.安装guest kernel image
$ go get github.com/kata-containers/tests
$ cd $GOPATH/src/github.com/kata-containers/tests/.ci
$ kernel_arch="$(./kata-arch.sh --golang)"
$ kernel_dir="$(./kata-arch.sh --kernel)"
$ tmpdir="$(mktemp -d)"
$ pushd "$tmpdir"
$ curl -L https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/configs/${kernel_arch}_kata_kvm_4.14.x -o .config
$ kernel_version=$(grep "Linux/[${kernel_arch}]*" .config | cut -d' ' -f3 | tail -1)
$ kernel_tar_file="linux-${kernel_version}.tar.xz"
$ kernel_url="https://cdn.kernel.org/pub/linux/kernel/v$(echo $kernel_version | cut -f1 -d.).x/${kernel_tar_file}"
$ curl -LOk ${kernel_url}
$ tar -xf ${kernel_tar_file}
$ mv .config "linux-${kernel_version}"
$ pushd "linux-${kernel_version}"
$ curl -L https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/patches/0001-NO-UPSTREAM-9P-always-use-cached-inode-to-fill-in-v9.patch | patch -p1
$ make ARCH=${kernel_dir} -j$(nproc)
$ kata_kernel_dir="/usr/share/kata-containers"
$ kata_vmlinuz="${kata_kernel_dir}/kata-vmlinuz-${kernel_version}.container"
$ [ $kernel_arch = ppc64le ] && kernel_file="$(realpath ./vmlinux)" || kernel_file="$(realpath arch/${kernel_arch}/boot/bzImage)"
$ sudo install -o root -g root -m 0755 -D "${kernel_file}" "${kata_vmlinuz}"
$ sudo ln -sf "${kata_vmlinuz}" "${kata_kernel_dir}/vmlinuz.container"
$ kata_vmlinux="${kata_kernel_dir}/kata-vmlinux-${kernel_version}"
$ sudo install -o root -g root -m 0755 -D "$(realpath vmlinux)" "${kata_vmlinux}"
$ sudo ln -sf "${kata_vmlinux}" "${kata_kernel_dir}/vmlinux.container"
$ popd
$ popd
$ rm -rf "${tmpdir}"
这一长串安装步骤来自于:
注意以下指令:
curl -L https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/configs/${kernel_arch}_kata_kvm_4.14.x -o .config
这条指令用到了kernel_arch参数,kernel_arch的值是通过kernel_arch=”$(./kata_arch.sh --golang)”确定的.在笔者的机器上,执行这条指令得到的kernel_arch的值是amd64,然而并不存在文件.../configs/amd64_kata_kvm_4.14.x.如果是这样的话,直接让kernel_arch的值为x86_64.
五.配置docker
$ dir=/etc/systemd/system/docker.service.d
$ file="$dir/kata-containers.conf"
$ sudo mkdir -p "$dir"
$ sudo test -e "$file" || echo -e "[Service] Type=simple ExecStart= ExecStart=/usr/bin/dockerd -D --default-runtime runc" | sudo tee "$file"
$ sudo grep -q "kata-runtime=" $file || sudo sed -i 's!^(ExecStart=[^$].*$)!1 --add-runtime kata-runtime=/usr/local/bin/kata-runtime!g' "$file"
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
至此kata-containers搭建完成
执行 sudo docker run -ti --runtime kata-runtime busybox sh启动kata-container
参考:https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md